Please ignore. This is user failure.

Hi, I was able to resovle the issue, seems that something in the configuration was causing the issue, clearing all the settings and just setting this up worked.

Hello! I usually setup my NAT rules with a dest addr of "WAN Address" or a VIP. I have never used "WAN Net". John

@gwaitsi there is something else with this i don't understand. clients that don't use pfsense i.e. android, and win with comodo have trouble resolving dns queries via http but no problems with traceroutes, ping, etc if i turn off the The Firewall DNS rule, dns does not resolve on the client - so appears to be trapped by the block rule as required. however. if i use dig @8.8.8.8 dns request resolve. Is this correct behavior, if not. What am i doing wrong? If so, why do why dns servers try to reach my clients on port 53 if they are being trapped by the NAT rule?

Hi All, Issue fixed adding a NAT rule. [image: 1589188815721-73e851d3-b721-4558-b851-5645b7b925a7-immagine.png] That automatically has updated the WAN: [image: 1589188836135-f121c791-c4b1-4359-a7fd-19ad2ac6d9b3-immagine.png] regards Giovanni

Thanks :) I struggled with not getting traffic from outside and in. But I had to spesify the local IP in the fw rules (and not the virtual one) and than it seems to work just fine with 1:1 NAT. Should there be any notificeable speed difference to talk about on 1:1 vs transparent?

@holunde said in Trouble in FTP-land: so it has addresses from 192.168.1.129 - 192.168.1.254, broadcast 192.168.1.255. I was thinking 1 to 127 - 128 and urther up using bit 8 (set) which lies outside the mask. For memory : /24 1111 1111 1111 1111 1111 1111 0000 0000 /25 1111 1111 1111 1111 1111 1111 1000 0000 @holunde said in Trouble in FTP-land: 192.168.241.3 Ok, I get it - I guess. The FTP server makes up some IP being totally outside it's network. Like : I'm a.b.c.d - talk back to using e.f.g.h. I always thought FTP servers messed around with sets of ports numbers - not IP adrresses. If NATting was used, then IP becomes important - but that is not the case here. It's just direct routing. @holunde said in Trouble in FTP-land: what you think of this whole mess? Like millions : so happy that this FTP mess is finally over ..... Still, I'm using an FTP client and server, a DVR Dashua record on my LAN network that blast several screenshots every 20 seconds to my web server (webcam !), a dedicated server some where on the Internet. The FTP server is locked to my @work WAN IP. No TLS, nothing the like because the images are posted anyway. What about a clean setup : LAN default 192.168.1.1/24 OPT1 : 192.168.2.1/24 And WAN something else, also /24

@Crunk_Bass It happens to both me and other players. As far as NAT reflection goes I do have it set in my NAT Rule for the ports as i previously couldn't join the server when on a single connection. I imagine i might be able too now as my client will come out of WAN 2. [image: 1588287629561-ac303106-82c6-430f-8363-b0e3710fd22a-image.png] However I do not have it set in the advanced settings, not sure if I now need it for some reason? [image: 1588287699009-bf0e976e-827d-45e8-a654-b4157b11971c-image.png] Would the fact that the server tries to go out and back in cause an issue? Almost feels like it goes out, but never makes it back and then falls back to the firewalls default routing? Really not sure.

Maybe you need to add an additional outbound NAT rule? Something like Interface: Modem Interface, Source: OpenVPN Subnet, Destination: Modem Address, NAT Address: Modem Interface Address

To balance between the two IPs simply add another record to your domain. It is called round-robin or load balancing DNS. Here is a quick explanation: https://www.nginx.com/resources/glossary/dns-load-balancing/

Not yet, but I promise I will do my homework this weekend!

disable NAT, you don't need it

Thanks for you update. I have implemented it by using proxy Linux instance which is doing port forwarding.

Hi i've got the same problem, i can NAT my OpenVPN Client with a PfSense virtual IP only with my Local LAN, it doesn't work over remote Ipsec Network. I've got 20 Ipsec VPN tunnel and i can't create addition Phase2 on all tunnel. Bye Gabriele

Thanks, after some testing it turns out my $30 access point is a pos.. Thanks for quick reply!